Docker Swarm

Mesut Oezdil
Aug 7, 2023


This article will give a detailed introduction to Orchestration and Docker Swarm, providing an overview for anyone interested. There might be a second article on using Swarm, since covering such a broad topic in just one article could be challenging. Of course, this depends on what readers want.

Orchestration

The portability and reproducibility of containerized processes let us move and scale our containerized applications across different clouds and data centres. Containers make sure that these applications run consistently anywhere, allowing us to easily take advantage of all these environments. As we scale up, we’ll need tools to help automate the maintenance of these applications — tools that can automatically replace failed containers and handle updates and reconfigurations throughout their life. Containers are great, but as we increase the number of instances, we need them to work together smoothly to solve business challenges.

The challenge is that when many containers are running, they need management. There must be enough capacity to handle the load while keeping overhead low to avoid slowing down the machines in the cluster. Also, containers may sometimes crash and need to be restarted. Software solutions that manage, expand, and maintain containerized applications are called orchestrators. Examples of these orchestrators are Kubernetes and Docker Swarm. Docker Desktop provides deployment options for both of these orchestrators in development environments. In this guide, we will use Docker Desktop to create our first orchestrated, containerized application.

Significance of Orchestration

Container orchestration is essential for automating various large-scale tasks. It helps with setting up and launching containers automatically, ensuring they stay available, and managing load distribution, traffic, and service discovery. It also monitors container health, ensures secure communication between them, and manages their scheduling. Additionally, it organizes the configuration of applications that use containers, scales containers to balance workloads across the infrastructure, and efficiently allocates resources among them.

How Container Orchestration Functions

Container orchestration works with platforms like Kubernetes and Docker Swarm. Configuration files tell the orchestration tool how to connect containers and where to store logs. The orchestration tool also plans where to deploy containers within clusters and chooses the best host for each container. Once a host is selected, the tool manages the container’s life cycle based on set requirements. Importantly, container orchestration tools can be used in any environment that supports containers. For Docker, the available orchestration tools include:

  • Docker Machine: Provisions hosts and installs Docker Engine.
  • Docker Compose: Deploys multi-container applications by creating the required containers.
  • Docker Swarm: Clusters multiple Docker hosts so that they appear as a single virtual host. It can also integrate with any tool that works with a single Docker host.

Introduction to Docker Swarm

Docker Swarm is Docker’s built-in tool for managing groups of Docker engines. A Docker Swarm is made up of physical or virtual machines running Docker, and these machines are set up to work together as a cluster. Once the machines form a cluster, you can still use your regular Docker commands, but now they will be carried out by the machines in the cluster. The cluster is managed by a “swarm manager,” and the machines in the cluster are called “nodes.”

Docker Swarm Explanations

A Docker swarm refers to a collection of physical or virtual machines functioning together as a cluster. When a machine becomes part of this cluster, it assumes the role of a node in the Docker swarm.

Nodes

The Docker swarm system recognizes two types of nodes, each having specific responsibilities within the Docker swarm ecosystem:

Manager Node: Manager nodes mainly assign tasks to worker nodes in the swarm. They also handle some of the management duties needed to run the swarm. Docker recommends having no more than seven manager nodes in a swarm.

Worker Node: In a Docker swarm with multiple machines, worker nodes get tasks from manager nodes and carry them out. By default, all manager nodes also work as worker nodes and can perform tasks when they have available resources.

Services and Tasks

A service defines the tasks that should be carried out by manager or worker nodes. It is the main part of the swarm system and the key way users interact with the swarm. When you create a service, you specify the container image to use and the commands that should run inside the containers.

A task includes a Docker container and the commands that run inside it. It’s the basic unit that the swarm schedules. Manager nodes assign tasks to worker nodes based on how many replicas are set in the service. Once a task is assigned to a node, it stays on that node — it can’t move to another. It will either run on that node or fail.

Load Balancing

The swarm manager uses ingress load balancing to make services available outside of the swarm. The swarm manager can automatically assign a PublishedPort for the service, or users can choose a specific one. Any available port can be used, and if no port is chosen, the swarm manager assigns one between 30000 and 32767.

Advantages of Docker Swarm

Decentralized Architecture: The Docker Engine manages node roles at runtime instead of deployment time. You can use Docker Engine to deploy both manager and worker nodes, making it possible to create an entire swarm from a single disk image.

Declarative Service Model: Docker Engine uses a declarative approach, letting you define how you want various services in your application to work. For example, an application might have a web front-end, message queue services, and a database backend.

Scalability: Each service can specify the number of tasks to run. When scaling up or down, the swarm manager adjusts by adding or removing tasks to match the desired state.

Desired State Reconciliation: The swarm manager keeps track of the cluster’s state and fixes any differences between the current and desired state. For example, if a service is set to run ten replicas but a worker hosting two replicas crashes, the manager creates two new replicas to replace them, assigning them to available workers.

Multi-host Networking: You can set up an overlay network for services, and the swarm manager will automatically assign addresses to containers on that network during initialization or updates.

Service Discovery: The swarm manager gives each service a unique DNS name and handles load balancing for running containers. Any container in the swarm can be found using a DNS server integrated into the swarm.

Load Balancing: Service ports can be made available to an external load balancer. Internally, the swarm allows you to specify how to distribute service containers among nodes.

Secure by Default: Each node in the swarm uses TLS for mutual authentication and encryption to ensure secure communication. You can use either self-signed root certificates or certificates from a custom root CA.

Rolling Updates: Service updates can be rolled out gradually to different nodes. The swarm manager lets you control the delay between updates. If something goes wrong, you can revert to a previous version of the service.

Docker Swarm Mode helps distribute containers across multiple Docker hosts, using overlay networks for service discovery and an integrated load balancer for scaling services. Swarm Mode is managed through the Docker CLI, making it easy to use within the Docker ecosystem.
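
The declarative service model, replica count, ingress port, overlay network and rolling-update behaviour described above can all be written in one stack file. This is an added example, not part of the original article; the service name web, the network name frontend, the image tag and port 8080 are assumptions chosen for illustration.

```yaml
# stack.yml (illustrative; names, image tag and port are assumptions)
version: "3.8"

services:
  web:
    image: nginx:1.25-alpine        # sample image; pin a tag or digest you have vetted
    networks:
      - frontend
    ports:
      # Ingress mode publishes the port on every node in the swarm,
      # so firewall rules must account for all nodes, not only those
      # that currently run a task.
      - target: 80
        published: 8080             # omit to let the manager pick one in 30000-32767
        protocol: tcp
        mode: ingress
    deploy:
      replicas: 10                  # desired state; the manager reconciles towards it
      placement:
        constraints:
          # Managers also run tasks by default; keep workloads off them.
          - node.role == worker
      update_config:
        parallelism: 2              # update two tasks at a time
        delay: 10s                  # wait between batches
        failure_action: rollback    # revert to the previous version on failure
        order: start-first
      restart_policy:
        condition: on-failure
      resources:
        limits:
          cpus: "0.50"
          memory: 128M

networks:
  frontend:
    driver: overlay
    driver_opts:
      # Node-to-node management traffic is protected by mutual TLS.
      # Application traffic on an overlay network is only encrypted
      # when this option is set.
      encrypted: "true"
```

Deploy it from a manager node with docker stack deploy -c stack.yml demo, where the file and stack names are placeholders.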

Conclusion

Docker Swarm offers a complete and efficient solution for managing containerized applications in different environments. It ensures easy scaling, load balancing, and secure communication between nodes. With its decentralized design and declarative service model, developers can easily define and manage their application setups.

As a DevSecOps enthusiast, I hope you enjoy this article. In this column, called “Mindful Monday Musings”, I will share articles on Dev(Sec)Ops and Cloud here every Monday. You can support M3 (aka Mindful Monday Musings) by following me and sharing your opinions. Please send me your contributions, criticisms, and comments; it would make me glad.
